As Congress scurries to avoid another government shutdown, lawmakers may be ready to once again bring up a controversial information-sharing bill for consideration this week, which critics dubbed “a surveillance bill masquerading as a cybersecurity bill.”
According to a report by Politico, confusion reigns at the Senate as Majority Leader Mitch McConnell (R-Kentucky) mulls over the chamber’s upcoming schedule. One unidentified source told the outlet that it was “likely” McConnell paves the way for a reintroduction of the Cybersecurity Information Sharing Act (CISA), but others said the situation was still “very uncertain.”
If passed into law, the bill would give companies greater liability protection when it comes to collecting personal data that could potentially be related to security threats. It would also allow them to share that information with government departments such as the National Security Agency.
Debate over the cyber bill has been extremely contentious, with privacy advocates routinely devising campaigns against it and claiming it will actually grant the federal government more power to spy on Americans than it already has.
The arguments intensified this month after The Software Alliance (BSA), which advocates for the global software industry, penned a letter to lawmakers urging them to take action on five digital priorities. One of these included “cyber threat information sharing legislation” allowing private companies with information about “vulnerability and intrusions to more easily share that information voluntarily.”
Signed by large companies such as Apple, IBM, Microsoft and others, the letter was seen by privacy advocates as granting support for CISA, though it did not explicitly endorse the bill. One advocacy group, Fight for the Future, even set up a website called YouBetrayedUs.org to criticize the organizations. The group has also called CISA “a surveillance bill in disguise.”
“Many of these companies have previously claimed to fight for their users’ privacy rights, but by supporting this type of legislation, they’ve made it clear that they’ve abandoned that position, and are willing to endanger their users’ security and civil rights in exchange for government handouts and protection,” the website reads.
Since then, one company, SalesForce, stated that it does not support CISA. Meanwhile, the BSA updated its site to say that it “does not support any of the three current bills pending before Congress,” including CISA.
“BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress,” the group’s website continued
The CISA bill gained a new lease on life, though, after the massive hack that targeted the government’s Office of Personnel Management (OPM) earlier this year. Declared the largest hack in government history, the attack claimed the personal information of more than 21 million people, the vast majority of which either were or currently are federal employees. Last week, the agency said hackers also gained access to the fingerprint records of some 5.6 million people.
Combined with the hack against Sony Pictures Entertainment last year, the incidents caused President Obama and congressional lawmakers to renew their push for more cooperation between the private and public sectors to fight cyber threats. Supporters argue that CISA will permit officials to more easily discover digital threats and potentially stop them before they strike.
Critics have questioned that line of thought, saying the current bill does not offer enough protections for individuals and that companies won’t be required to delete personal information before sharing it with the government. Data such as credit card information, addresses and more information could then be funneled into federal hands.
In July, Senator Ron Wyden (D-Oregon) reiterated the concerns of privacy advocates, saying CISA offers few incentives for companies to keep personal information private.
“The government can’t keep its own data safe,” he said, referring to the OPM hack. “Giving more of your information to the government creates a huge new target for hackers.”